In this new world of "Internet of Things" and billions of networked embedded devices, it is crucial for device manufacturers to bake security into their new designs before they leave the factory. Here are five tips from a team of security researchers who make a living reverse engineering (hacking) into IoT devices on behalf of industry clients.
Explosive growth of networked embedded devices and a shifting threat landscape require a new approach to IoT Security. Here is why.
Why is Everything Connected Now?
Not a day goes by without a story of a new “smart” device being launched. A perfect storm of new enabling technologies is driving the adoption of Internet-connected devices: The rise of inexpensive Systems-on-a-chip (SOCs) running full operating systems has effectively eradicated many industry use cases for expensive, custom application-specific integrated circuits (ASICs). Any product developer, hobbyist or high-schooler can use an off-the-shelf low-cost computing device like the Raspberry Pi and launch a functioning product in under three months of development. The commoditization of hardware, coupled with rapidly decreasing cost of bandwidth and processing has lead to an explosion of Internet-connected devices. Most of the buzz has been focused in the consumer space with smart toasters, kettles, and diapers?! The proliferation of useless novelty devices has led to a fatigue with the term “Internet of Things” causing Goldman Sachs to quip in 2014 “you cannot spell idiot without IoT”.
In our last post we talked about a vulnerability discovered in the D-Link DCS-930L Cloud Camera. Since then the Senrio Research Team has been working closely with the D-Link Security Incident Report Team. Below we disclose technical details of our efforts.
In today’s age of constant connectivity the allure of remotely checking on your home and loved ones is appealing and manufacturers of Wifi Cameras promise a “second set of eyes around the home or office.” However, you may not be the only one peeping in. The dangers of unsecured webcams and baby monitors have been reported in 2014 with cautionary tales warning consumers to change their default passwords. So that’s the end of the story, right? Adding a password will protect me from creepy strangers looking into my home. Not so fast. Researchers at Senrio discovered a vulnerability in a popular Wifi camera that lets attackers overwrite the administrator password.
Cybersecurity Researchers Launch Solution to Address Inherent Vulnerabilities in Network Embedded Devices, with Focus on Healthcare, Critical Infrastructure and Corporate Environments
Portland,OR: Today, Senrio, an Internet of Things (IoT) cybersecurity solution, emerges from stealth mode with the launch of an IoT network cybersecurity platform that provides visibility and defense for networked embedded devices (NEDs) used in healthcare, critical infrastructure, retail and corporate environments.
Senrio in the press!
IoT Hacking comic book!
Watch some our IoT security research
Live On Twitch.tv
Upcoming Trainings by our Team!
Practical Android Exploitation
Blackhat, Las Vegas 2017
Software Exploitation Via Hardware Exploitation
Blackhat Las, Vegas 2017
Practical ARM Exploitation